Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-09-29 Thread John Mattsson
Hi, I positive security property the document should definitely be mention is that PSKs are quantum-safe. It can be argued how large the PSKs need to be, but even 128-bit PSKs are practically safe againts any foreseable quantum computer. Assuming someone builds a quantum computer that breaks R

[TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-09-29 Thread John Mattsson
Hi, I think is a very well written and very useful document. Comments and suggestions: - Abstract and Section 1 ”It lists TLS security properties provided by PSKs under certain assumptions and demonstrates how violations of these assumptions lead to attacks.” I think a very important objecti

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-08-20 Thread Carrick Bartle
Cool, I'll propose some text in the cases you mentioned. > On Aug 20, 2020, at 6:10 AM, Christopher Wood wrote: > > On Wed, Aug 19, 2020, at 6:42 PM, Carrick Bartle wrote: >> Thanks for the feedback! I've posted a bunch of PRs and issues, as >> you've seen. Here are my remaining comments: >>

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-08-20 Thread Christopher Wood
On Wed, Aug 19, 2020, at 6:42 PM, Carrick Bartle wrote: > Thanks for the feedback! I've posted a bunch of PRs and issues, as > you've seen. Here are my remaining comments: > > >>> Low entropy keys are only secure against active attack if a PAKE is > >> used with TLS. > >> Maybe cite a document t

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-08-19 Thread Carrick Bartle
Thanks for the feedback! I've posted a bunch of PRs and issues, as you've seen. Here are my remaining comments: >>> Low entropy keys are only secure against active attack if a PAKE is >> used with TLS. >> Maybe cite a document that contains a recommended way of using PAKEs >> with TLS (e.g. dra

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-08-19 Thread Christopher Wood
> > > > > *From:* Mohit Sethi M > > *Sent:* Wednesday, July 8, 2020 1:03 AM > > *To:* Jim Schaad ; Mohit Sethi M > > ; draft-ietf-tls-external-psk-guida...@ietf.org > > *Cc:* tls@ietf.org > > *Subject:* Re: [TLS] Review of draft-ietf-tl

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-08-19 Thread Mohit Sethi M
Hi Carrick, Thank you for the review. I also added some comments in-line. On 8/18/20 6:26 PM, Christopher Wood wrote: > Hi Carrick, > > Sorry for the delay. Please see inline below! > > On Thu, Jul 9, 2020, at 10:09 PM, Carrick Bartle wrote: >> Isn’t the rerouting attack described in Section 4 no

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-08-18 Thread Christopher Wood
Hi Carrick, Sorry for the delay. Please see inline below! On Thu, Jul 9, 2020, at 10:09 PM, Carrick Bartle wrote: > Isn’t the rerouting attack described in Section 4 not possible if "A" > uses the SNI extension and "C" aborts the connection on mismatch? If > so, it might be worth mentioning tha

[TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-09 Thread Carrick Bartle
Hi everyone, A few thoughts on draft-ietf-tls-external-psk-guidance-00: Isn’t the rerouting attack described in Section 4 not possible if "A" uses the SNI extension and "C" aborts the connection on mismatch? If so, it might be worth mentioning that as a potential mitigation (as the Selfie paper

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-09 Thread Mohit Sethi M
; Subject: Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00 Hi Jim, On 7/6/20 7:06 PM, Jim Schaad wrote: -Original Message- From: Mohit Sethi M <mailto:mohit.m.se...@ericsson.com> Sent: Monday, July 6, 2020 3:10 AM To: Jim Schaad <mailto:i...@augustcellars.com

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-08 Thread Jim Schaad
From: Mohit Sethi M Sent: Wednesday, July 8, 2020 1:03 AM To: Jim Schaad ; Mohit Sethi M ; draft-ietf-tls-external-psk-guida...@ietf.org Cc: tls@ietf.org Subject: Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00 Hi Jim, On 7/6/20 7:06 PM, Jim Schaad wrote

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-08 Thread Mohit Sethi M
Hi Jim, On 7/6/20 7:06 PM, Jim Schaad wrote: -Original Message- From: Mohit Sethi M Sent: Monday, July 6, 2020 3:10 AM To: Jim Schaad ; draft-ietf-tls-external-psk- guida...@ietf.org Cc: tls

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-06 Thread Jim Schaad
> -Original Message- > From: Mohit Sethi M > Sent: Monday, July 6, 2020 3:10 AM > To: Jim Schaad ; draft-ietf-tls-external-psk- > guida...@ietf.org > Cc: tls@ietf.org > Subject: Re: Review of draft-ietf-tls-external-psk-guidance-00 > > Hi Jim, > > Thanks for the review. A clarifying q

Re: [TLS] Review of draft-ietf-tls-external-psk-guidance-00

2020-07-06 Thread Mohit Sethi M
Hi Jim, Thanks for the review. A clarifying question in-line. On 7/2/20 12:02 AM, Jim Schaad wrote: > * In section 4 there is a statement that switching the roles of servers > which use PSKs will lead to weakening of security properties. As this is a > common scenario today in situations where y